Maybe we should let the MLM developers, some of whom are here (or were, maybe
they've been scared off) comment?
Hi. That would include me, one of the people who do occasional
development on majordomo2.
I have added code to mj2 to pass the list domain to the shim I use for
outbound signing, so my outbound list mail has a signature from the list
domain, along with the MTA signature that all the mail has. mj2 has an
unusually complex set of options for handling incoming mail, and I haven't
yet decided what, if anything, to do with incoming signatures. I might
remember the signature on a user's signup and confirmation mail, and add a
variable that people can test to see if an incoming message has the same
signature as the remembered one, so they can use it to bypass some of the
checks, e.g., large messages or some kinds of MIME parts, although it is
far from clear whether anyone would use it.
In the decade I've been using mj and mj2, I cannot ever remember anyone
ever expressing any concern about recipients verifying the identity of
contributors. (For that matter, I don't recall anyone asking about MTA
verification of contributors beyond the usual from: address.)
I haven't decided whether to strip of incoming DKIM signatures, but that'd
be easy, just add a line to the existing configurable list of headers it
strips already.
I don't currently do anything about ADSP. Unless a lot more people use it
than I expect, I probably won't. If I do, it'll just be to discard mail
from discardable domains. mj2 doesn't run at SMTP time so there's no way
to reject it.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html